Authentication apparatus, method, system and program, and server apparatus

ABSTRACT

A scenario including a combination of procedures of multi-factor authentication required for a terminal to receive provision of a service is stored and managed in association with the service, and a probability that the procedure will succeed is stored and managed in association with each of the procedures, a success probability of the service through the scenario, is calculated based on the probability regarding the procedure to evaluate at least one of security and usability based on the success probability, and the service to the terminal, is controlled according to the evaluation result.

REFERENCE TO RELATED APPLICATION

This application is a National Stage Entry of PCT/JP2016/051268 filed onJan. 18, 2016, which claims priority from Japanese Patent Application2015-008162 filed on Jan. 19, 2015, the contents of all of which areincorporated herein by reference, in their entirety. The presentinvention relates to an authentication apparatus, a method, a system, aprogram, and a server apparatus.

TECHNICAL FIELD Background Art

With wide spread use of high-function mobile terminals such assmartphones, it has become possible to implement multi-factorauthentication (Multi-Factor Authentication) more safely andrealistically, by using multiple sensors and constant updates ofapplications on the terminal. In cloud services that provideauthentication services for improving security when using smart devicessuch as smart phones and tablet PCs (Personal Computers), for example,two-factor authentication using software certificates is adopted. Inthis case, for example, by inputting ID (Identity: identificationinformation)/password from a smart device, an authorized device and userare identified to allow the user to access, for example, to a businessapplication, etc., from the smart device.

Although various techniques of multi-factor authentication have beenproposed, the reality is that an evaluation axis for each authenticationaccuracy has not yet been provided.

ID and password are used in most sites for authentication in a loginprocedure of EC (Electronic Commerce: electronic commerce) site (seeNon-Patent Literature 1, for example). However, authentication with IDand password alone is said to have security problems. As is indicated byfrequent occurrence of an attack called a password list attack, forexample, it has become impossible to sufficiently secure security inlogin authentication with ID and password alone (see, for example,Non-Patent Literature 2).

Such smart devices with a plurality of sensors and secure elementsmounted in advance are manufactured and sold. In particular, a terminalwith a biometric authentication function implemented and payment usingterminal authentication using a secure element of SIM (SubscriberIdentity Module) have begun to be used. That is, although ID andpassword are based on user's memory and input, authentication notdepending on user's memory and input alone is beginning to be used.

In addition, a possibility of a behavior based authentication method hasbeen spreading, such as pointing out possibility of fraud when loggingin with an IP(Internet Protocol) different from a usually used accesssource, a method of examining likeliness of true self by utilizinghistory of past shopping and Web browsing, etc. For example, a mechanismhas been proposed in which, when a user who usually logs in Japan logsin overseas, an alert of a password is issued (for example, seeNon-Patent Literature 4).

Non-Patent Literature 1

-   Symantec Inc./Japan VeriSign Co., Ltd., Awareness survey results on    “Personal and corporate password management” report, 2013.10, [Dec.    15, 2014 search], Internet <URL:    https://www.jp.websecurity.symantec.com/welcome/pdf/password_mana    gement_survey.pdf>

Non-Patent Literature 2

-   Survey on actual status of IPA, online identity authentication    method, 2014.8, [December 15, 2014 search], Internet    <URL:/https://www.ipa.go.jp/files/000040778.pdf>

Non-Patent Literature 3

-   Japan Post Bank, About Risk Based Certification (Image and    Concluding), [Dec. 15, 2014 search], Internet <URL:    http://www.jp-bank.japanpost.jp/direct/pc/security/drsecurity/dr_pc_sc_ds_riskbase.html>

Non-Patent Literature 4

-   Google, Last Account Activity, [Dec. 15, 2014 search], Internet    <URL: https://support.google.com/mail/answer/45938?h1=ja>

Non-Patent Literature 5

-   Cabinet Secretariat, Risk Assessment and Electronic    Signature/Authentication Guidelines in Online Proceedings, 2010.8,    [Dec. 15, 2014 search], Internet <URL:    http://www.kantei.go.jp/jp/singi/it2/guide/guide_line/guideline100831.pdf>

SUMMARY

The following analysis has been made based on the present invention.

Many of authentication schemes determine success/failure ofauthentication by one authentication element. Multi-factorauthentication combining a plurality of authentication elements alsoutilizes pre-set elements, such as ID/password, and presentation of arandom number table, for example.

As with risk-based authentication, a service which does not always issuean authentication request in the same format, is also increasing,wherein an authentication element is added only when a behavior of auser is “different from ordinary” (for example, refer to Non-PatentLiterature 3). In a risk-based authentication, for example, when anaccess is made with user information or the like, the same as usual, forexample, authentication with a fixed password, etc., is performed, andwhen access is made with user information, etc., different from user,assuming that a risk is high that the user information such as passwordis stolen, additional certification such as letting the user answer anadditional question(s) registered in advance is carried out.

In recent years, particularly with widespread use of high-functionterminals of smartphones, it can be said that environments enablingfrequent change of procedures are also being in place by introducing newapplications and utilizing various types of sensors mounted on theterminals.

In this way, an evaluation scheme for entire authentication is requiredin order to dynamically change and use a combination of various andvariable authentication elements. Further, in this evaluation scheme, aflexible and highly convenient scheme is desired, which makes itpossible to change to another authentication scheme, when theauthentication service actually is started, for example.

The present invention has been invented in view of the above problems,and an object thereof is to provide an apparatus, a method, a system, aprogram, and a server apparatus that allow a combination ofauthentication elements to be dynamically changed and made available.

According to one aspect of the present invention, there is provided amulti-factor authentication apparatus communicatively connecting to aterminal to perform multi-factor authentication, comprising:

a storage unit that stores a scenario including a combination ofprocedures of multi-factor authentication required for the terminal toreceive provision of a service in association with the service, andstores, in association with each of the procedures, a probability thatthe procedure will succeed;

an evaluation means (evaluation unit) that calculates a successprobability of the service through the scenario based on the probabilityregarding the procedure to evaluate at least one of security andusability based on the success probability; and

a control means (control unit) that controls the service to theterminal, according to the evaluation result.

According to the present invention, there is provided an authenticationsystem comprising: a terminal and the multi-element authenticationapparatus.

According to another aspect of the present invention, there is provideda server apparatus including the multi-element authentication apparatus.

According to yet another aspect of the present invention, there isprovided a method for performing multi-factor authentication by acomputer communicatively connecting to a terminal, the methodcomprising:

storing in a storage unit a scenario including a combination ofprocedures of multi-factor authentication required for a terminal toreceive provision of a service in association with the service, andstoring in the storage unit, in association with each of the procedures,a probability that the procedure will succeed;

calculating a success probability of the service through the scenariobased on the probability regarding the procedure, to evaluate at leastone of security and usability based on the success probability; and

controlling the service to the terminal, according to the evaluationresult.

According to still another aspect of the present invention, there isprovided a program for causing a computer communicatively connecting toa terminal to perform multi-factor authentication to execute processingcomprising:

storing in a storage unit a scenario including a combination ofprocedures of multi-factor authentication required for a terminal toreceive provision of a service in association with the service, andstoring in the storage unit, in association with each of the procedures,a probability that the procedure will succeed;

calculating a success probability of the service through the scenariobased on the probability regarding the procedure, to evaluate at leastone of security and usability based on the success probability; and

-   -   controlling the service to the terminal, according to the        evaluation result.

According to the present invention, there is provided a non-transitorycomputer readable recording medium (a semiconductor memory, amagnetic/optical/recording medium, etc.) in which the above program isrecorded.

The present invention makes it possible to dynamically change and use acombination of authentication. Still other features and advantages ofthe present invention will become readily apparent to those skilled inthis art from the following detailed description in conjunction with theaccompanying drawings wherein only exemplary embodiments of theinvention are shown and described, simply by way of illustration of thebest mode contemplated of carrying out this invention. As will berealized, the invention is capable of other and different embodiments,and its several details are capable of modifications in various obviousrespects, all without departing from the invention. Accordingly, thedrawing and description are to be regarded as illustrative in nature,and not as restrictive.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram illustrating an example of elements in multi-factorauthentication.

FIGS. 2A to 2D are diagrams illustrating a serial procedure, a parallelprocedure, and combinations thereof.

FIG. 3A is a diagram illustrating a smartphone function in a tabularform, and FIG. 3B is a diagram illustrating a relation betweenprocedures and probabilities in a table format.

FIG. 4A is a diagram illustrating a relationship between a cost and asecurity parameter in a table format, and FIG. 4B is a diagramillustrating a relationship between a scenario, an attack probability,and a failure probability of a user in a table format.

FIG. 5 is a diagram illustrating a configuration example of a systemaccording to an embodiment.

FIG. 6 is a diagram for explaining an example of scenario selection foreach service.

DETAILED DESCRIPTION

The following describes at first an outline of the present invention andthen embodiments.

In the below,

-   (A) Necessity for considering a plurality of scenarios regarding    available means for performing multi-factor authentication in a    smartphone or the like, will be described.-   (B) When there are multiple scenarios for providing services,    security evaluation using respective probabilistic models is    necessary. Therefore, update of security evaluation will also be    described.-   (C) Further, how to select the scenario in the actual service, etc.,    by performing not only evaluation of security, but also evaluation    of user's convenience in the same way, and continuing to update    results of the both evaluations, will be described.

Examples of functions on smartphones will be listed and analysis about afact that multi-factor authentication combining multiple elements ispractically applicable as authentication means. Further, what kind ofmodel is good as a framework for security evaluation of multi-factorauthentication. The following describes how to utilize this model.

A smartphone has an Internet connection function, wherein an applicationinstalled on the smartphone is able to provide various services byutilizing the Internet function. Many of services provided via theInternet require authentication, and there is a need to verify“identity” of a user. There is a secure element as an effectiveauthentication means for ascertaining “identity”. In addition, means forinputting information depending on user's memory and a plurality ofsensors are incorporated in the smartphone. The following gives listingexamples of functions of smartphones and investigation on whatauthentication scenarios in future can be conceived in smartphones.

Functions of a smartphone configured to be able to interact with a userwill be described. Here, a plurality of functions are enumerated, butthere is a case where each function is not limited only to input or thelike. The description is given mainly regarding to which one(input/output) the function is used.

When a user performs some operation on a smartphone, the user informs arequest to the smartphone through an input appliance of the smartphone.Possible inputs on commercially available devices are as shown in the“input devices” column of FIG. 3A. Although not particularly limitedthereto, in the smartphone of this example, there are provided a touchpanel, a microphone, a button, a camera, a fingerprint sensor, and thelike, as input devices.

Among the sensors, a gyro sensor (acceleration sensor) detects a motion(gesture) taken by a user holding a smartphone. A GPS (GlobalPositioning System) sensor detects a position of a smartphone. Anoptical sensor detects ambient light (illuminance), for example. AGeiger counter is, for example, a radiation detector of a smartphoneconnected type. As objects externally connected by the smartphoneconnects, there are a mobile phone network, Bluetooth (registeredtrademark of Bluetooth SIG, Inc), NFC (Near Field Communication),Wireless Fidelity (WiFi: WiFi Alliance USB (Universal Serial Bus), CTIA(Cellular Telephone Industries Association), and the like. Outputsinclude a display apparatus, a speaker, a light, and vibration by avibrator, a memory, a SD card, and so forth, of a smartphone. Secureelement is a secure area for managing confidential information. Thereare provided Carrier SIM, TPM (Trusted Platform Module), Felica(registered trademark of Sony Corporation), software SIM, cloud SIM, andthe like.

Even with a tamper resistant apparatus, there may be a danger thatsafety will be threatened by multiple attacks. Accordingly, there is aneed to consider safety in a certain time axis.

There are such smartphones that have already been used as standaloneauthentication, and those that have already been realized asmulti-factor authentication by combining multiple authentications. Eachprocedure is realized by combining elements with each of the functionsof the smartphone as an element.

For example, when inputting an ID and inputting a password, a procedureof ID-password authentication is realized by combining functions of thesmartphone, as illustrated in FIG. 1. By combining such procedures, forexample, the following multi-factor authentication can be realized.

-   Activate a corresponding function in SIM by biometric    authentication, login (input of fingerprint, voice, input pattern    etc);-   Activate a corresponding function by a wearable terminal, login    using a terminal ID; and-   Activate a corresponding function by a contactless card, login using    terminal ID.

In this way, multi-factor authentication with a combination of aplurality of elements (functions) has become feasible. However,multi-factor authentication is limited to restricted use in a systembased on use of dedicated tokens (for example, a one token generated bya hardware or the like) or use of a random number table given inadvance. Therefore, it is not necessary to provide a unified evaluationaxis of multiple elements. Regarding load on a system and user,especially usability, comparison with and analysis of security have notyet been performed.

For example, a smartphone equipped with functions applicable tomulti-factor authentication, on which are mounted such as a plurality ofsensors and a secure element(s), are being used. Since a framework thatenables frequent updating (update) of an application is also systemized,flexible modification of elements is also necessary. On the other hand,it is difficult to stop providing services started. Therefore, aviewpoint of continuity must also be considered.

Thus, there is a need for a framework for dynamically evaluating thesafety of multi-factor authentication towards realizing a unified,flexible, and sustainable service.

According to the present invention, evaluation criteria (evaluationaxis) of multi-factor authentication is configured by using aprobabilistic model of security and usability for each scenario so thatcontinuous service can be provided, for example, changes in securityenvironment etc. We propose a framework to dynamically change thecorresponding authentication method.

In the following, the multi-factor authentication according to thepresent invention will be described in more detail.

<Authentication>

“Authentication” means verification of the identity between the“executing entity” of a certain act and the “registration information”performed by the subject in the state via the network, whereby theperson whose execution subject is registered (Or apparatus) (seeNon-Patent Literature 5, for example).

Hereinafter, the execution subject of an action is assumed to be theuser u ∈ U. Here, U represents a set of the entire user. In a scenewhere authentication is required, when a user receives a certain servicesrvc, the service provider confirms the authority as to whether or notthere is authorization to receive the service in a certain transactiontra.

Assuming as a scene where confirmation of authority is required is notnecessary for services that can be done to anyone. On the other hand,authentication is required for services that only authorized persons canreceive. It is assumed that the authorized user u is receiving theservice srvc with an intention.

In addition, the transaction tra is performed via online. As an onlineservice, for example, a site intended for communication such as a Webshopping site or an EC (Electronic Commerce) site such as an auction,SNS (Social Networking Service) is assumed. In these sites, when theuser u intends to use the user u, the user u asks the provision of theservice (at the time of system registration, etc., it is not a servicethat the user u does not continuously access by only setting once). Forthis reason, the system frequently asks the user u seeking to providethe service, for authentication. When receiving such a service, the userdoes not directly connect to the network, but connects to the Internetvia a terminal (smartphone, PC) etc. possessed by the user or the like.It is noted that in the description below, a user u is supposed toreceive a service even when the service is provided to a terminal or thelike.

In biometric authentication, in spite of a fact that a user u tries toinput correct biometric information, the information may not becorrectly acquired, for example, because the user fails to ground thefingerprint at the time of input, for example. Further, erroneousdetection may occur in which the input is recognized as one of an inputuser u of a person different from the user u. In the below, it isassumed that an authentication result of each element is uniquelydetermined in biometrics authentication, and is detected in a case wherelater tracking is possible as to whether the value is correct orincorrect.

First, when receiving a certain service srvc, a user u logs in by usingplural elements such user's memory of ID and password, utilization of arandom number table, etc. Existence of an attacker α ∈ A trying toimpersonate the user u (A is a set of attackers) is supposed.

When the user u receives a certain service, multi-factor authenticationis performed. In a case where there are provided a plurality ofauthentication elements (touch panel, sensor, etc.), as in the case of asmartphone, etc., selection and combination of authentication elementsare supposed to be different for each service.

Depending on a service, a combination of a plurality of authenticationelements may be selected.

<Scenario>

Such a combination of authentication elements is called a “scenario”.

-   <Procedure (Factor)>

S′=((f ₁), (f ₂), . . . (f _(n))) (n ∈ N)

In a combination of authentication elements, it is assumed that it ispossible to arrange a plurality of procedures (factors) f ∈ F (F is aset of procedures) of the scenario S in a predetermined order (thefollowing expression (1)). Here, the procedure (factor) f ∈ F refers toan authentication element based on storage such as ID and password orfingerprint authentication.

<Scenario and Procedure>

S=(f ₁, 1), (f ₂, 2), . . . (f _(n) , n)) (n ∈ N)   (1)

The scenario can be represented without setting an order of procedure f.In that case, the scenario shall be given by the following equation (2).

S′=((f ₁), (f ₂), . . . (f _(n))) (n ∈ N)   (2)

<Element>

Each procedure is composed of a plurality of elements e ∈ E (E is a setof elements).

Here, an element is an action necessary for each procedure f.

<Procedures and Elements>

Procedure f is composed of one or a plurality of elements as shown inthe following expression (3), for example.

f=((e ₁, 1), (e ₂, 2), . . . , (e _(n) , n)) (n ∈ N)   (3)

For example, suppose that a scenario S such as a combination of ID,password and fingerprint authentication is selected. The scenario S isrepresented by the following equation (4), for example.

S=((f ₁, 1), (f ₂, 2))=(((e ₁, 1), . . . ), ((e ₂, 1), . . . ))   (4)

Here, S consists of ID password authentication and fingerprintauthentication. f₁ is an ID password authentication element, and f₂ is afingerprint authentication element.

Each one such as (e₁, 1), (e₂, 1) is an element as illustrated in FIG. 1(input, calculation, etc.)

As each authentication result, each f returns 1 if it is determined thatthe authentication is correct, and 0 if the authentication is notcorrect, it returns binary (0, 1) of 0.

In providing the service to the user u, the scenario S which is acombination of authentication elements is not always one. Combination ofmultiple scenarios is also possible because it is possible to selectmultiple authentication elements. That is, there are a plurality ofscenarios, selection thereof being enabled. Thus, when one scenario (acombination of certain authentication elements) cannot be used for theuser u, it is possible to select another scenario (another combinationof authentication elements). Thus, it is made possible to providecontinuous service provision to the user u.

The following describes how respective elements become related inconducting multi-factor authentication. Two patterns of scenarios,serial and parallel, can be considered in multi-factor authentication.

<Series Procedure>

Authentication progresses step by step. For example, asking for inputfrom the random number table after asking for ID and password input is aserial procedure.

As shown in FIG. 2A, after performing a certain procedure f₁, a requestfor f₂ as a next procedure is performed, and then a procedure f₃ isperformed, there is a case where each of authentications is connected inmultiple stages. This procedure is called a serial procedure. In thiscase, a scenario S is expressed by the following equation (5).

S=((f ₁, 1), (f ₂, 2), . . . (f _(n) , n)) (n ∈ N)   (5)

In the equation (5), the order of the procedures (f₁, 1), (f₂, 2), . . .(f_(n), n) has a meaning as a multi-level authentication order.

<Parallel Procedure>

Authentication performs evaluation in parallel. For example, such a casewhere ID of a SIM card of a smartphone is confirmed in parallel withinput of user's ID and password. For example, as shown in FIG. 2B,confirming a procedure f_(i+1) and another procedure f_(i+2) in parallelis termed as “parallel procedure”. In this case, the scenario S isexpressed by the following equation (6).

S=((f ₁, 1), (f ₂, 2), (f _(n) ,n)) (n ∈ N)   (6)

In the equation (6), an order of procedures (f₁, 1), (f₂, 2), . . . r_(n) , n) has no meaning. Therefore, the equation (6) is denoted by thefollowing equation (7).

S′=((f ₁), (f ₂), . . . (f _(n))) (n ∈ N)   (7)

There is a case where a system may be configured by combining a serialprocedure and a parallel procedure. FIG. 2C illustrates a combination ofserial procedure scenarios S1, S2, and S4 and parallel procedurescenario S3′ in series. FIG. 2D is a diagram in which the scenario S3′of the parallel procedure is expanded and represented by the followingexpression (8).

$\begin{matrix}\begin{matrix}{S_{all} = \left( {S_{1},S_{2},S_{3}^{\prime},S_{4}} \right)} \\{= \left( {S_{1},S_{2},\left( {f_{3 - 1},f_{3 - 2},f_{3 - 3}} \right),S_{4}} \right)}\end{matrix} & (8)\end{matrix}$

Next, serial authentication and probability of success in the presentembodiment will be described.

<Probability of Success Per Procedure>

The probability of success for each procedure will be described usingFIG. 3B. An authentication procedure is assumed to be f ∈ F, wherein theprocedure f returns 1 if it succeeds and 0 if it fails.

When using the procedure f, performing the procedure with ID of a useru, is denoted as f (u). The procedure which returns 1 is denoted as f⁺,and the procedure which returns 0 is denoted as f⁻.

Let f⁺(u) be a procedure in which a user u performs a procedure f usingID of u, and which returns 1, and let a probability thereof bep(f⁺(u)|u).

Let a probability that an attacker a trying to succeed by impersonatingu will succeed be p(f⁺(u)|a).

Next, let a probability of failure in a case wherein u fails theprocedure f, be p(f⁻(u)|u). The following equations (9) and (10) hold(see FIG. 3B).

p(f ⁺(u)|u)+p(f ⁻(u)|u)=1   (9)

p(f ⁺(u)|a)+p(f ⁻(u)|a)=1   (10)

When a scenario S contains only one procedure f, the probabilityp(f⁺(u)|u) is a probability of success for S.

When using knowledge, the probability of success may be 100% for aperiod of time. This is because, inherently, an application such as abrowser memorizes contents (password corresponding to ID) that a user ushould memorize, so that the application may play a role of user'smemory.

In this case, the user cannot fail and hence the probability p(f⁺(u)|u)is, always, p=1, that is, succeeds.

On the other hand, in a case of biometric authentication, sincefluctuation or the like occurs at a time of input of biometricinformation of a user, a success probability cannot be 1. That is, thesuccess probability can only be p<1.

<Probability of Multi-Factor Authentication Per Scenario>

It is assumed that a user u selects a scenario S as a combination ofauthentication elements and performs a plurality of procedures f₁ tof_(n).

S=(f ₁(u), . . . , f _(n)(U)) (n ∈ N)   (11)

Here, a probability that the user u succeeds the procedure f with ID uis denoted as p(f⁺(u)|u).

A probability that the user u will succeed through the scenario S isdenoted as p(S⁺|u).

Here, a scenario for authentication of the user u is defined in aparallel procedure and a serial procedure, using a probability, asfollows.

<Success Probability of Parallel Procedures>

Let the procedure f be all parallel in the scenario S. In the case ofparallel procedures, assuming that a success probability of eachprocedure and other procedure is independent, the probability p(S⁺(u)|u)of success through the scenario S is given by the following equation(12).

p(S ⁺(u)|u)=p(f ₁ ⁺(uu)×p(f ₂ ⁺(u)|u)× . . . ×p(f _(n) ⁺(u)|u)   (12)

When an attacker impersonates the user u to try authentication, theprobability p(S⁺(u)|a) of success through the scenario S is expressed bythe following equation (13).

p(S ⁺(u)|a)=p(f ₁ ⁺(u)|a)×p(f ₂ ⁺(u)|a)× . . . ×p(f _(n) ⁺⁾⁽ u)|a)  (13)

<Serial Procedure and Prior Probability>

Scenario S in which serial procedures are combined:

S=(f ₁(u), . . . , f _(n)(u)) (n ∈ N)   (14)

A probability p(S⁺(u)|u) for the user u to succeed the scenario S is asfollows.

In the case of serial procedures, an occurrence probability of an eventvaries, when a correlation exists, due to a fact that f₁, . . . , andf_(i-1) have been performed before the procedure f_(i)(i ∈ N) isperformed. Here, in consideration of a prior probability, theprobability p(S⁺(u)|u) is given by the following equation (15).

$\begin{matrix}{{p\left( {{S^{+}(u)}u} \right)} = {{p\left( {{f_{1}^{+}(u)}u} \right)} \times {p\left( {{f_{2}^{+}(u)}{{uf}_{1}^{+}(u)}} \right)} \times {.{p\left( {{f_{3}^{+}(u)}{{{uf}_{1}^{+}(u)}{f_{2}^{+}(u)}}} \right)}} \times \ldots \times {p\left( {{f_{n}^{+}(u)}{u{\prod\limits_{i = 1}^{n - 1}\; {f_{i}^{+}(u)}}}} \right)}}} & (15)\end{matrix}$

A probability p(S⁺(u)|a) that an attacker a succeeds in the scenario Sof the equation (14) is given by the following equation (16).

$\begin{matrix}{{p\left( {{S^{+}(u)}a} \right)} = {{p\left( {{f_{1}^{+}(u)}a} \right)} \times {p\left( {{f_{2}^{+}(u)}{{af}_{1}^{+}(u)}} \right)} \times {.{p\left( {{f_{3}^{+}(u)}{{{af}_{1}^{+}(u)}{f_{2}^{+}(u)}}} \right)}} \times \ldots \times {p\left( {{f_{n}^{+}(u)}{a{\prod\limits_{i = 1}^{n - 1}\; {f_{i}^{+}(u)}}}} \right)}}} & (16)\end{matrix}$

<Probability Calculation of Combination of Parallel Procedure and SerialProcedure>

A probability p(S⁺(u)|a) that the user u succeeds in the scenario Scombined with a parallel procedure and a serial procedure is given bythe following equation (17).

$\begin{matrix}\begin{matrix}{{p\left( {{S^{+}(u)}u} \right)} = {{p\left( {{f_{1}^{+}(u)}u} \right)} \times {p\left( {{f_{2}^{+}(u)}{{uf}_{1}^{+}(u)}} \right)} \times {.{p\left( {{f_{3}^{+}(u)}{{{uf}_{1}^{+}(u)}{f_{2}^{+}(u)}}} \right)}} \times \ldots \times {p\left( {{S_{n}^{+}(u)}{u{\prod\limits_{i = 1}^{n - 1}\; {f_{i}^{+}(u)}}}} \right)}}} & \;\end{matrix} & (17)\end{matrix}$

In the equation (17), a parallel probability can be calculated, assumingthat there is no prior probability, and can be generalized to a serialprocedure.

<Application Example of Multi-Factor Authentication Probability>

Next, an application example of the multi-factor authenticationprobability in the embodiment will be described.

There are services, such as smartphones, that utilize multipleauthentication schemes. An example of application to a technique forcontinuously and dynamically evaluating such services will be described.In the present embodiment, security parameters and usability parametersused when evaluating services will be described.

It is important to evaluate security in authenticating multipleelements. In authentication, it is desirable that a user u alwayssucceeds for each procedure, and an attacker a does not succeed. Inother words, it is desirable that a probability that attacker a willsucceed is 0. When attackers a₁, . . . and a_(n) are present, aprobability that a certain procedure 1 will succeed is desirable tosatisfy

p(S ⁺(u)|a _(i))=0   (18).

However, each procedure can not completely set the probability ofattacker's success to 0, when releasing a service at a certain time t0.Therefore, security evaluation is required. What is considered as asecurity evaluation here, is such that security evaluation is set so asnot to exceed a security parameter k, when attacks with a low skilllevel such as a brute force attack are being performed.

Therefore, a service srvc is started, with the security parameter k setas follows.

p(S ⁺(u)|a)<k   (19)

It can be said that some countermeasure is necessary, when the securityevaluation becomes the security parameter k or more as a result of anattacker a making an attack against the user u.

Even if security is high for the user u, usability would not be goodwith such a mechanism in which input by the user u is always refused.For example, in order to give emphasis on usability alone and to setinput of a user to always succeed in each procedure, it is necessary toaim at constructing a system in which the following holds.

p(S ⁺(u)|u)=1   (20)

Since it is expected that there is no input that is always constant,such as input errors by a user or input fluctuation in biometricauthentication, it is not realistic to construct a system in whichuser's input is always successful.

Therefore, a service srvc is started with a usability parameter ub setas follows.

p(S ⁺(u)|u)>ub   (21)

There is also a need to consider usability regarding whether or not aflow of a scenario S selected is easy to use for the user. For example,regarding the usability parameter ub′ of the scenario S itself, theservice srvc is started with the usability parameter satisfying acertain level. Thereafter, the usability parameter ub′ is regarded asincluded in the usability parameter ub.

Values of the security parameter k and the usability parameter ub arenot necessarily unique. A flexible handling of parameters may beimplemented, such as, when transferring a small amount money to anaccount to which the user have deposited money by bank transfer manytimes in the past, selecting a higher security parameter k, whileselecting a lower security parameter k when transferring a high amountof money to an account number to which the user has never transferred.

In this way, consideration is needed regarding selection of a securityparameter k according to a service to be provided, and conversely,regarding provision of a service according to a security parameter k.Similarly, a scenario may be selected depending on the securityparameter k, or conversely, a security parameter k may be set accordingto a scenario.

The usability parameter ub often may modify a service. For example, asystem with high security is generally desired, but it is notnecessarily appropriate in terms of service to construct an excessivesecurity system. Regarding this issue, consideration is needed to aquality of an entire service by taking into account of security, user'susability, etc., and it is difficult to make a judgment.

Therefore, as shown in FIG. 4A, it is important to be able to set eachparameter for each of services srvc1, srvc2, and srvc3. For eachservice, a security parameter and a usability parameter are set. A costcolumn is a cost of each service.

<Update in Multi-Factor Authentication>

Next, updating of values in multi-factor authentication according to thepresent embodiment will be described.

Safety of each procedure in a scenario is not necessarily as set at astart of a service. There is always a possibility that an attack againsteach procedure may be proposed, and a system may compromised fromimproving computer performance, which is different from a setting time(an object is exposed to security risk due to some act or change ofsituation). Consideration should be also given to lowering of safetycaused by abrupt increase of attacks in a certain period, such asfrequent attacks on a specific date, for example.

Sometimes it is necessary to suddenly reduce safety of a certainprocedure due to popularity of attacks that cannot be found with asystem alone. That is, the success probability of each element may bechanged (decreased) depending on various factors. On the other hand,services need to be continuously provided. Emphasis on servicecontinuity while implementing countermeasures, rather than stopping theservice on a day when an attack occurs, may be needed.

Instead of being forced to a new authentication scheme each time, suchflexibility and convenience are important are important for a user,wherein the user can flexibly reconcile with other schemes, and canchange to other schemes prepared to some extent, while using a currentlyused authentication scheme.

Therefore, “update of value” is required to reflect past experiences andpredictions, respond to attacks suddenly becoming popular, reflectgradually increasing attacks, etc.

It is assumed that a success probability is continued to be evaluatedwith a probability of success up to time t_(i) (i ∈ N, N is a positiveinteger of 1 or more) evaluated by a success probability up to a certaintime t_(i-1). In this case, a value of a success probability p(S⁺i(u)|a)may continue to change as long as a scenario S_(i)(i ∈ N) with a servicesrvc is performed.

Also, it is possible to accurately estimate a risk of a system bycontinuing to update a frequency of success probability of a user and anattacker accurately, even for an event such as an occurrence of anattack.

Since a system may be managed by a system administrator(s) or the likein providing service, when it is judged that there is an attack,predicting that the probability of success suddenly changes, takingcorresponding countermeasures by judging increase of attacks to otherusers, or taking corresponding countermeasures by judging that a valueof p can change suddenly, may be performed.

Especially, it is necessary to take countermeasures if it is predictedthat a high-level attack will be performed on the service, or, if somehigh-level attack on the service are found to be carried out here andthere. High level attacks include a password list attack in case of IDpassword authentication and an attack on biometric authenticationincluding a gummy finger and a wolf attack, for example.

Response to a case where some attacks at time ti ∈ T are increased byprediction such as rapid increase of attack at a certain time:

At the time t_(i), a value of the success probability p(S⁺,(u)|a)decided by an administrator is replaced by a value of a securityparameter k′ set in advance.

In this case, p(S⁺ _(i)(u)|a) of all users are changed. The value of thesecurity parameter k′ is not necessarily unique. The value of thesecurity parameter k may be changed to various values depending on anattack level.

A success probability p(S⁺ _(i)(u)|a) is not measured only for each useru_(i), but a value of success probability for a plurality of users isalso observed. For each service S, if p(S⁺|a) of predetermined j numberof users out of users u ∈ E (U is a set of users) exceeds the securityparameter k, p(S⁺|a) of other users not included in j number of usersmay be replaced with the security parameter k′.

It is also expected that service will be attacked due to attacks causedby others such as leakage of password list. When such a prediction ismade, a value of p(S⁺ _(i)|a) determined by an administrator may bereplaced with a value of the preset security parameter k′ at a certaintime point (time) ti.

<Changes in Multi-Factor Authentication Probability and Scenario Change>

When a success probability p(S⁺|a) of an attacker of a scenario Sexceeds a security parameter k, it is necessary to change a procedure ofthe service. In this case, for example, a change of the scenario or arefusal of the service srvc is performed. When the success probabilityp(S⁺|a) exceeds the security parameter k at a certain time t,countermeasures such as changing the scenario S are taken. Below, somecountermeasures will be explained. When the service srvc is beingprovided, the security parameter k is calculated for each scenario.p(S⁺(u_(j))|a) is an evaluation from a security point of view, andp(S⁺(u_(j))|u) is an evaluation from a usability point of view.

As shown in FIG. 4B, not only a success of an attack for each scenariobut also an extent to which the user of each scenario fails, etc., areincluded in an evaluation, thereby making it possible to construct amore easy to use system.

In providing the service to a user u_(j), the service srvc is started soas to satisfy following conditions:

p(S ⁺(u _(j))|a)<k   (22)

p(S ⁺(u _(j))|u)>ub   (23).

When p(S⁺(u_(j))|a) for user u_(j) exceeds the security parameter k, inthe scenario Si , service provision through the scenario S may bestopped and a service srvc with the scenario S satisfyingp(S⁺(u_(j))|a)<k may be accepted.

When changing a scenario, consideration inclusive of evaluation ofusability and impact on the service need to be performed. As to whichscenario is to be accepted next, for each scenario S, it is necessary toconsider a relationship between user's fail rate and the usabilityparameter ub, by utilizing FIG. 4 and to present the next scenario. Anorder of scenarios cannot be evaluated with a value of p(S⁺(u_(j))|a)alone.

In the present embodiment, there is a case where a completely newscenario is set up after evaluation in each scenario is performed. Inproviding a service, there is a case where the service itself is changeddue to security measures. For example, temporarily lowering the maximumamount of bank transfer, lowering a chargeable amount, etc. In thiscase, there is a need to select an appropriate service while comparingFIG. 4A with FIG. 4B.

In an entirety of scenarios that the service srvc can take, whenp(S⁺|a)>k, a service provider stops the service srvc. Even whenconvenience of a user significantly is reduced, the service srvc isstopped, in consideration of the usability ub of the scenario S.

<Operational Effects>

According to the present embodiment, due to widespread use of advancedfunctions mobile terminals, etc., scenarios for multi-factorauthentication can be changed after service is started. A unifiedmechanism that continuously evaluates multi-factor authenticationdynamically can be implemented. As to selection of an authenticationscheme, measures such as change of a scenario, i.e., update of a successprobability for each scenario, for example, are performed, when securityevaluation of authentication alone as determined at the start of theservice is inadequate.

<System Configuration Example>

Next, an example of the above-described multi-element authenticationsystem will be described. FIG. 5 is a diagram illustrating an example ofa system configuration of the present embodiment. Referring to FIG. 5,the system includes a multi-factor authentication apparatus 20 includinga server apparatus or the like connected via a network 30. The network30 includes, for example, a radio access network, a mobile communicationnetwork, an Internet network, and so forth. The multi-factorauthentication apparatus 20 composed of a server apparatus may beinstalled in a server apparatus that provides a service to a client ormay be configured as a server apparatus that is different from a serverapparatus that provides a service to a client.

The multi-factor authentication apparatus 20 includes a storage unit 21that stores a scenario S composed of a combination of procedures f ofmulti-factor authentication required for receiving service provision, inassociation with the service (see, for example, FIG. 6), and thatstores, in correspondence with each procedure f (see FIG. 3B), aprobability that a procedure will succeed, an evaluation means(evaluation unit) 23 that calculates a success probability through ascenario S of the service, based on the probability regarding theprocedure, and evaluates at least one of security and usability based onthe success probability, and a control means (control unit) 24 thatcontrols a service to be provided according to an evaluation result bythe evaluation unit 23. Security parameter k and usability parameter ubare stored and managed in the storage unit 21 corresponding to theservice (see FIG. 4A). A management unit (management unit) 22 performsupdate management such as setting, holding, or changing a procedure fcorresponding to a scenario stored in the storage unit 21, a probabilitythat the procedure f will succeed, a security parameter k for theservice, and the usability parameter ub I do. At least one or all ofthese means (each unit) may be realized by a program executed by acomputer (processor, CPU (Central Processing Unit)) of the serverapparatus 20. The program is stored and held in a computer readablememory (for example, a medium such as a semiconductor storage, amagnetic/optical recording medium, etc.).

In the present embodiment, the control means 24 may control start,continuation, or stop of the service based on the evaluation result ofthe evaluation means 23.

In the present embodiment, the evaluation means 23 evaluates a successprobability p (S⁺(u)|u) of a user u (user who receives a service)through the scenario S of the service (srvc) and a success probability p(S⁺(u)|a) of an attacker a (attacker using the service). The securityparameter k to be compared with the success probability p (S⁺(u)|a) bythe attacker, and the usability parameter ub to be compared with theuser's success probability p (S⁺(u)|u) are evaluated.

In the present embodiment, the control means 24 starts or continues theservice (srvc) through the scenario S, on a condition that the successprobability p(S⁺(u)|a) by the attacker a through the scenario S of theservice (srvc) is less than the security parameter k (equation (22)),and the success probability p(S⁺(u)|u) of the user u through thescenario S of the service (srvc) is greater than the usability parameterub (Expression (23)).

In the present embodiment, when the success probability p(S⁺(u)|a) bythe attacker a through the scenario S of the service (srvc) exceeds thesecurity parameter k, the control means 24 may stop the service (srvc)through the scenario S, change the scenario S to a scenario S′ in whichthe probability of success by the attacker a is less than the securityparameter k, and provide the service (srvc) through the scenario S′.

In the present embodiment, each procedure (f) is expressed as aprocedure f which returns 1 when the procedure (f) succeeds and returns0 when the procedure (f) fails, and the probability includes probabilityp(f^(±)(u)|) and p(f⁺(u)|a) that each procedure f performed by each ofthe user u and attacker a succeeds and returns 1.

In the present embodiment, in the evaluation means 23, calculates thesuccess probability of the user through the scenario S of the service(srvc), and the probability of success by the attacker, according to theprocedure f constituting the scenario S in parallel connection, serialconnection, or a combination thereof (see the above equations (15) to(17)).

FIG. 6 is a diagram for explaining an example of processing of theevaluation means 23 of FIG. 5. In FIG. 6A, in a column of p(S⁺(u)|a) foreach scenario, a symbol O indicates that the success probability p(S⁺(u)|a) by the attacker a through the scenario is less than thesecurity parameter k1 set for the service 1 (Expression (22)) and asymbol x indicates that p (S⁺(u)|a) exceeds (is greater than) thesecurity parameter k1. In a column of p(S⁺(u)|u), a symbol O indicatesthat the success probability p (S⁺(u)|u) by the user u through thescenario is greater than the usability parameter ub1 set for the service1 (Expression (23)), and a symbol x indicates that p (S⁺(u)|u) is lessthan or equal to the usability parameter ub1.

It is assumed that the service 1 in FIG. 6A includes scenarios A1 to A5.The evaluation means (23/16 of FIG. 5), for each of the scenario A1 tothe scenario A5, checks whether or not a condition that the successprobability p (S⁺(u)|a) by the attacker a through the scenario is lessthan the security parameter k1 and the success probability p (S⁺(u)|u)of the user u is greater than the usability parameter ub1, is met. Inthe example of FIG. 6A, only the scenario A2 satisfies the condition. Asdescribed above, when the success probability p(S⁺(u)|a) by the attackera exceeds k, the service provision through the scenario S may be stoppedand a service through the scenario A2, and A5, both satisfyingp(S⁺(u_(j))|a)<k may be accepted.

It is assumed that service 2 in FIG. 6B includes scenario B1 to scenarioB4, and security parameters k2 and usability parameters ub2 are set forthe service 2. The evaluation means (23/16 of FIG. 5), for each of thescenarios B1 to B4, checks whether a condition that the successprobability p (S⁺(u)|a) by the attacker a through the scenario is lessthan the security parameter k2 and the success probability p (S⁺(u)|u)of the user u is greater than the usability parameter ub2, is met. Inthe example of FIG. 6B, only the scenarios B2 and B3 satisfy thecondition, and the scenarios B1 and B2 do not satisfy the conditionconcerning security and usability (equations (22) and (23)).

It should be noted that the example illustrated in FIG. 6 and so forthis only for the sake of explaining an evaluation example of multi-factorauthentication, and the present invention as a matter of course is notlimited to the example configuration.

Each disclosure of the above-listed Non Patent Literature isincorporated herein by reference. Modification and adjustment of eachexemplary embodiment or each example are possible within the scope ofthe overall disclosure (including the claims) of the present inventionand based on the basic technical concept of the present invention.Various combinations and selections of various disclosed elements(including each element in each claim, each element in each example,each element in each drawing, and so on) are possible within the scopeof the claims of the present invention. That is, the present inventionnaturally includes various variations and modifications that could bemade by those skilled in the art according to the overall disclosureincluding the claims and the technical concept.

The above-described embodiments may be annexed, for example, as follows(but not limited thereto).

(Supplementary Note 1)

-   -   A multi-factor authentication apparatus communicatively        connecting to a terminal to perform multi-factor authentication,        comprising:

a storage unit that stores a scenario including a combination ofprocedures of multi-factor authentication required for the terminal toreceive provision of a service in association with the service, andstores, in association with each of the procedures, a probability thatthe procedure will succeed;

an evaluation means that calculates a success probability of the servicethrough the scenario based on the probability regarding the procedure toevaluate at least one of security and usability based on the successprobability; and

a control means that controls the service to the terminal, according tothe evaluation result.

(Supplementary Note 2)

The multi-factor authentication apparatus according to supplementarynote 1, wherein the control means controls start, continuation, or stopof the service to the terminal based on the evaluation result.

(Supplementary Note 3)

The multi-factor authentication apparatus according to supplementarynote 1 or 2, wherein the evaluation means calculates a successprobability of a user through a scenario of the service and a successprobability by an attacker, and evaluates a security parameter to becompared with the success probability by the attacker and a usabilityparameter to be compared with the success probability of the user, and

-   -   the control means controls start or continuation of the service        to the terminal, on a condition that the success probability by        the attacker through the scenario of the service is less than        the security parameter, and the success probability of the user        through the scenario of the service is greater than the        usability parameter.

(Supplementary Note 4)

The multi-factor authentication apparatus according to supplementarynote 3, wherein, when the success probability by the attacker throughthe scenario of the service exceeds the security parameter,

-   -   the control means stops service provision through the scenario        to the terminal, changes to such a scenario that the success        probability by the attacker through the scenario of the service        is less than the security parameter, and then controls so as to        provide the service to the terminal.

(Supplementary Note 5)

The multi-factor authentication apparatus according to any one ofsupplementary notes 1 to 4, wherein each of the procedures isrepresented as a procedure f which returns 1 when the procedure issuccessful and returns 0 when the procedure fails, and

-   -   the probability includes a probability that the procedure f        performed by each of a user and an attacker will succeed and        return 1, wherein the evaluation means calculates the success        probability of the user through the scenario of the service and        the success probability by the attacker in accordance with the        procedures constituting the scenario, being arranged in parallel        connection, serial connection, or a combination thereof.

(Supplementary Note 6)

The multi-factor authentication apparatus according to any one ofsupplementary notes 1 to 5, comprising

-   -   a management means that manages setting, holding, or changing of        the procedure for the scenario stored in the storage unit,    -   a probability that the procedure will succeed, and    -   at least one of security and usability for the service.

(Supplementary Note 7)

A server apparatus including the multi-factor authentication apparatusaccording to any one of supplementary notes 1 to 6.

(Supplementary Note 8)

An authentication system comprising a terminal and a multi-factorauthentication apparatus according to any one of supplementary notes 1to 6.

(Supplementary Note 9)

A multi-factor authentication method comprising:

-   -   storing in a storage unit a scenario including a combination of        procedures of multi-factor authentication required for a        terminal to receive provision of a service in association with        the service, and storing in the storage unit, in association        with each of the procedures, a probability that the procedure        will succeed;    -   calculating a success probability of the service through the        scenario based on the probability regarding the procedure, to        evaluate at least one of security and usability based on the        success probability; and    -   controlling the service to the terminal, according to the        evaluation result.

(Supplementary Note 10)

The multi-factor authentication method according to supplementary note9, comprising

-   -   controlling start, continuation, or stop of the service to the        terminal based on the evaluation result.

(Supplementary Note 11)

The method according to supplementary note 9 or 10, comprising:

-   -   calculating a success probability of a user through a scenario        of the service and a success probability by an attacker, and        evaluating a security parameter to be compared with the success        probability by the attacker and a usability parameter to be        compared with the success probability of the user; and    -   controlling start or continuation of the service to the        terminal, on a condition that the success probability by the        attacker through the scenario of the service is less than the        security parameter, and the success probability of the user        through the scenario of the service is greater than the        usability parameter.

(Supplementary Note 12)

The method according to supplementary note 11, comprising:

-   -   when the success probability by the attacker through the        scenario of the service exceeds the security parameter,    -   stopping service provision through the scenario to the terminal,    -   changing to such a scenario that the success probability by the        attacker through the scenario of the service is less than the        security parameter, and    -   then controls so as to provide the service to the terminal.

(Supplementary Note 13)

The method according to any one of supplementary notes 9 to 12, whereineach of the procedures is represented as a procedure f which returns 1when the procedure is successful and returns 0 when the procedure fails,and

-   -   the probability includes a probability that the procedure f        performed by each of a user and an attacker will succeed and        return 1, the method comprising    -   calculating the success probability of the user through the        scenario of the service and the success probability by the        attacker in accordance with the procedures constituting the        scenario, being arranged in parallel connection, serial        connection, or a combination thereof.

(Supplementary Note 14)

A program causing a computer communicatively connecting to a terminal toperform multi-factor authentication to execute:

-   -   processing of storing in a storage unit a scenario including a        combination of procedures of multi-factor authentication        required for a terminal to receive provision of a service in        association with the service, and storing in the storage unit,        in association with each of the procedures, a probability that        the procedure will succeed;    -   evaluation processing of calculating a success probability of        the service through the scenario based on the probability        regarding the procedure, to evaluate at least one of security        and usability based on the success probability; and    -   control processing of controlling the service to the terminal,        according to the evaluation result.

(Supplementary Note 15)

The program according to supplementary note 14, wherein the controlprocessing controls, continuation, or stop of the service to theterminal based on the evaluation result.

(Supplementary Note 16)

The program according to supplementary note 14 or 15, wherein theevaluation processing calculates a success probability of a user througha scenario of the service and a success probability by an attacker, andevaluating a security parameter to be compared with the successprobability by the attacker and a usability parameter to be comparedwith the success probability of the user, and

-   -   the control processing controls start or continuation of the        service to the terminal, on a condition that the success        probability by the attacker through the scenario of the service        is less than the security parameter, and the success probability        of the user through the scenario of the service is greater than        the usability parameter.

(Supplementary Note 17)

The program according to supplementary note 14, wherein the controlprocessing, changes to such a scenario that the success probability bythe attacker through the scenario of the service is less than thesecurity parameter, and then controls so as to provide the service tothe terminal, when the success probability by the attacker through thescenario of the service exceeds the security parameter, stops serviceprovision through the scenario to the terminal.

(Supplementary Note 18)

The program according to any one of supplementary notes 14 to 17,wherein each of the procedures is represented as a procedure f whichreturns 1 when the procedure is successful and returns 0 when theprocedure fails, and

-   -   the probability includes a probability that the procedure f        performed by each of a user and an attacker will succeed and        return 1, wherein the evaluation processing calculates the        success probability of the user through the scenario of the        service and the success probability by the attacker in        accordance with the procedures constituting the scenario, being        arranged in parallel connection, serial connection, or a        combination thereof.

(Supplementary Note 19)

The program according to any one of supplementary notes 14 to 18,causing the computer to execute

-   -   a processing of managing setting, holding, or changing of the        procedure for the scenario stored in the storage unit,    -   a probability that the procedure will succeed, and    -   at least one of security and usability for the service.

(Supplementary Note 20)

A non-transitory computer-readable storage medium storing the program ofany one of supplementary notes 14 to 19.

What is claimed is:
 1. A multi-factor authentication apparatuscommunicatively connecting to a terminal to perform multi-factorauthentication, comprising: a storage unit that stores a scenarioincluding a combination of procedures of multi-factor authenticationrequired for the terminal to receive provision of a service inassociation with the service, and stores, in association with each ofthe procedures, a probability that the procedure will succeed; anevaluation unit that calculates a success probability of the servicethrough the scenario based on the probability regarding the procedure toevaluate at least one of security and usability based on the successprobability; and a control unit that controls the service to theterminal, according to the evaluation result.
 2. The multi-factorauthentication apparatus according to claim 1, wherein the control unitcontrols start, continuation, or stop of the service to the terminalbased on the evaluation result.
 3. The multi-factor authenticationapparatus according to claim 2, wherein the evaluation unit calculates asuccess probability of a user through a scenario of the service and asuccess probability by an attacker, and evaluates a security parameterto be compared with the success probability by the attacker and ausability parameter to be compared with the success probability of theuser, and the control unit controls start or continuation of the serviceto the terminal, on a condition that the success probability by theattacker through the scenario of the service is less than the securityparameter, and the success probability of the user through the scenarioof the service is greater than the usability parameter.
 4. Themulti-factor authentication apparatus according to claim 3, wherein,when the success probability by the attacker through the scenario of theservice exceeds the security parameter, the control unit stops serviceprovision through the scenario to the terminal, changes to such ascenario that the success probability by the attacker through thescenario of the service is less than the security parameter, and thencontrols so as to provide the service to the terminal.
 5. Themulti-factor authentication apparatus according to claim 1, wherein eachof the procedures is represented as a procedure f which returns 1 whenthe procedure is successful and returns 0 when the procedure fails, andthe probability includes a probability that the procedure f performed byuser will succeed and return 1 and a probability that the procedure fperformed by an attacker will succeed and return 1, wherein theevaluation unit calculates the success probability of the user throughthe scenario of the service and the success probability by the attackerin accordance with the procedures constituting the scenario, beingarranged in parallel connection, serial connection, or a combinationthereof.
 6. The multi-factor authentication apparatus according to claim1, comprising a management unit that manages setting, holding, orchanging of the procedure for the scenario stored in the storage unit, aprobability that the procedure will succeed, and at least one ofsecurity and usability for the service.
 7. A server apparatus includingthe multi-factor authentication apparatus according to claim
 1. 8. Anauthentication system comprising a terminal and the multi-factorauthentication apparatus according to claim
 1. 9. A method forperforming multi-factor authentication by a computer communicativelyconnecting to a terminal, the method comprising: storing in a storageunit a scenario including a combination of procedures of multi-factorauthentication required for the terminal to receive provision of aservice in association with the service, and storing in the storageunit, in association with each of the procedures, a probability that theprocedure will succeed; calculating a success probability of the servicethrough the scenario based on the probability regarding the procedure,to evaluate at least one of security and usability based on the successprobability; and controlling the service to the terminal, according tothe evaluation result.
 10. The method according to claim 9, comprisingcontrolling start, continuation, or stop of the service to the terminalbased on the evaluation result.
 11. The method according to claim 9,comprising: calculating a success probability of a user through ascenario of the service and a success probability by an attacker, andevaluating a security parameter to be compared with the successprobability by the attacker and a usability parameter to be comparedwith the success probability of the user; and controlling start orcontinuation of the service to the terminal, on a condition that thesuccess probability by the attacker through the scenario of the serviceis less than the security parameter, and the success probability of theuser through the scenario of the service is greater than the usabilityparameter.
 12. The method according to claim 11, comprising: when thesuccess probability by the attacker through the scenario of the serviceexceeds the security parameter, stopping service provision through thescenario to the terminal, changing to such a scenario that the successprobability by the attacker through the scenario of the service is lessthan the security parameter, and then controlling so as to provide theservice to the terminal.
 13. The method according to claim 9, whereineach of the procedures is represented as a procedure f which returns 1when the procedure is successful and returns 0 when the procedure fails,and the probability includes a probability that the procedure fperformed by a user will succeed and return 1 and a probability that theprocedure f performed by an attacker will succeed and return 1, themethod comprising calculating the success probability of the userthrough the scenario of the service and the success probability by theattacker in accordance with the procedures constituting the scenario,being arranged in parallel connection, serial connection, or acombination thereof.
 14. A non-transitory computer-readable recordingmedium storing therein a program causing a computer communicativelyconnecting to a terminal to perform multi-factor authentication toexecute processing comprising: storing in a storage unit a scenarioincluding a combination of procedures of multi-factor authenticationrequired for a terminal to receive provision of a service in associationwith the service, and storing in the storage unit, in association witheach of the procedures, a probability that the procedure will succeed;calculating a success probability of the service through the scenariobased on the probability regarding the procedure, to evaluate at leastone of security and usability based on the success probability; andcontrolling the service to the terminal, according to the evaluationresult.
 15. The recording medium according to claim 14, wherein thecontrolling processing controls start, continuation, or stop of theservice to the terminal based on the evaluation result.
 16. Therecording medium according to claim 14, wherein the calculatingprocessing calculates a success probability of a user through a scenarioof the service and a success probability by an attacker, and evaluatinga security parameter to be compared with the success probability by theattacker and a usability parameter to be compared with the successprobability of the user, and the controlling processing start orcontinuation of the service to the terminal, on a condition that thesuccess probability by the attacker through the scenario of the serviceis less than the security parameter, and the success probability of theuser through the scenario of the service is greater than the usabilityparameter.
 17. The recording medium according to claim 14, wherein thecontrolling processing changes to such a scenario that the successcontrols so as to provide the service to the terminal, when the successprobability by the attacker through the scenario of the service exceedsthe security parameter, stops service provision through the scenario tothe terminal.
 18. The recording medium according to claim 14, whereineach of the procedures is represented as a procedure f which returns 1when the procedure is successful and returns 0 when the procedure fails,and the probability includes a probability that the procedure fperformed by each of a user and an attacker will succeed and return 1,wherein the calculating processing calculates the success probability ofthe user through the scenario of the service and the success probabilityby the attacker in accordance with the procedures constituting thescenario, being arranged in parallel connection, serial connection, or acombination thereof.
 19. The recording medium according to claim 14,storing therein the program further causing the computer to executeprocessing comprising: managing setting, holding, or changing of theprocedure for the scenario stored in the storage unit, a probabilitythat the procedure will succeed, and at least one of security andusability for the service.